A closer look at computer viruses

Last week, we looked at a risky type of malware known as spyware; this week I want to discuss another type of malware: viruses. This will be a three-part series, starting with an introduction today, followed by a discussion of prevention tips next week, with a wrap-up focused on techniques for cleaning an infected system at the end. Viruses are an important enough issue to spend three weeks on: they are often more malicious than spyware and, left unchecked, can bring down a personal computer in quick fashion. Therefore, knowledge of the threat is very important.

Last July marked 25 years since the first computer virus was discovered "in the wild." The term "wild" generally means loose on the Internet, but technically it means not held within the confines of a secure computer laboratory. The virus came to be called Elk Cloner and did nothing more than display a poem on the computer screen. The targeted computer was the Apple II, which was the most popular personal computer in the home at the time. About five years later, the first PC virus, "Brain," was detected. This virus did nothing more than change the volume label, which is the name of the hard drive partition.

Viruses have no boundaries. They present a risk to all operating systems and most browsers. Windows computers and the Internet Explorer Web browser suffer the highest risk, but Macintosh and Linux users take note: your systems are vulnerable, too. The threat level is lower, but they are vulnerable nonetheless.

What are computer viruses?

Viruses are fundamentally small pieces of software designed to infiltrate a system and disrupt normal operation. They come in many forms, attack a system in many ways and employ a number of techniques to remain hidden. Similar to biological viruses, they are something that can be easily caught, further spread and, in some cases, cause some pretty nasty things to happen. Early viruses focused on the boot sector of the computer's hard drive, rendering the system unbootable.
Later, viruses were able to perform a metamorphosis in order to hide from anti-virus programs. The latest threats appear to be viruses that, among other things, target the ActiveX and Java controls of Web browsers, something a common user knows very little about. Fortunately, they can also be controlled to a great degree.

Modern computer viruses have three basic parts: the ability to replicate, the ability to conceal itself and some kind of a payload. The ability to replicate itself is a big factor; without it the virus would not be a virus. If it cannot replicate but can do the other two things, then it might be classified as a worm (provided it meets other conditions). The payload is the main activity the virus was originally designed to perform.

Where do viruses come from?

They come from college or high school kids who are showing off some newfound programming skills, from organized crime groups who are looking for financial gains through the spread of malware, and from disgruntled workers with an axe to grind. Many stories about a particular virus's origin seem to always end with a teenager having three things: a computer, an Internet connection and too much time on his hands. While there are many amateur virus writers lurking in the shadows, many of their efforts fail because they lack the level of sophistication needed to write something that actually works. That may change soon due to the increased availability of virus construction kits, which can be downloaded from various bulletin boards. These kits come with enough sophistication to enable almost anyone to write a virus.

An interesting point on virus origins I came across lately was how Microsoft is partly to blame. The theory goes something like this: someone discovers a security risk in the operating system or browser and reports it to Microsoft. Microsoft promptly releases a patch to fix the problem with specific information about the issue. All good stuff so far.
Due to the average speed at which many users update their systems, the virus writers have a large window of opportunity in which to exploit the newly discovered security risk. The writers, in some cases, have pretty good knowledge as a starting point because the info is readily available. The argument makes a lot of sense to me.

Where viruses come from is not as important to our discussion as how they travel to our systems. Viruses move about easily via e-mail attachments and instant messages. They also spread through Internet downloads by piggybacking on other software and, believe it or not, people still get them by simply putting an infected disk into the system.

That's all we have room for this week. Next time, we'll explore some common prevention techniques and I'll introduce some sites that offer great information or free software. Thanks for reading and have a safe, productive week.